CompTIA CASP+ (CAS-004) — Question 38

After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary
ISP that is not normally used.
Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Answer options

• A. Disable BGP and implement a single static route for each internal network.
• B. Implement a BGP route reflector.
• C. Implement an inbound BGP prefix list.
• D. Disable BGP and implement OSPF.

Correct answer: C

Explanation

The correct answer is C because an inbound BGP prefix list allows for the filtering of received routes, thus preventing unauthorized routes from being accepted and enhancing security. Option A is incorrect as disabling BGP eliminates dynamic routing capabilities, while D also disables BGP, which is not advisable. Option B, although useful in certain contexts, does not directly address the security concern of route redirection.